[Mimedefang] Weird issue

Kees Theunissen theuniss at rijnh.nl
Wed Jun 23 15:54:07 EDT 2010


On Wed, 23 Jun 2010, George Roberts wrote:

>OK, I'm having a weird issue and I just can't seem to figure it out for the life of me.
>
>In filter_begin, I read the HEADERS file:
>
># In the HEADERS file, any multiline headers have been rewritten to
># be one line.  Received: is a typical example.  So here we do not
># need to worry about continuation lines.
>#
># Where there are multiple headers with the same name, what we do
># here will overwrite and end up with the data for the last one.
># If we want to collect them all we make a list like @Received.
>
>my $username, $domain;
>
>%Headers = ();

As others stated already: You need to clear global variables.
Here you clear the global variable %Headers (mark the "s" in the name).
Everywhere else in the code you supplied you're using a hash named
%Header (without the "s").

>
>if (open(IN,"<./HEADERS")) {
>        while(<IN>) {
>            chomp;
>            if (/.* for <(.*)@(.*)>/g) {
>                $username = $1;
>                $domain = $2;
>            }
>            if (/^(\S+): (.*)/) {
>                my $label = $1;
>                my $data  = $2;
>                $label = lc($label);
>                $Header{$label} = $data;

Such as here, in the line above.

>                if ($label eq 'received') {
>                    push(@Received,$data);
>                }
>            }
>        }
>}
>close(IN);
>
>$Header is global hash.
>
>In filter_end, I do this:
>

In the next line you're testing an "x-purity-verdict" left over from some
previous message if the current message didn't contain such a header.

>if ($Header{'x-purity-verdict'} =~ /spam/) {
>        md_syslog('warning', 'Redirecting to quarantine - Engine verdict: ' . $Header{'x-purity-verdict'});
>
>        foreach my $rec (@Recipients) {
>                delete_recipient($rec);
>        }
>        add_recipient("quarantine\@cleveland.ijnet.net");
>}
>
>That code is checking to see if another milter, our antivirus engine, has
>added a header called X-Purity-Verdict to the message and if its value is
>"spam".  It then removes the recipients and redirects the message to our
>quarantine address.
>
>That all works fine when the header is there and says "spam" ... sometimes,
>though, when a message DOESN'T have the header, the code deletes all the
>recipients and redirects to quarantine anyway, without ever putting in the syslog entry:
>
>Jun 23 04:27:10 death purity[662]: MDLOG,o5N9R9GR005379,mail_in,,,<emailreceipts at authorize.net>,<groberts at interjuncture.com>,Merchant Email Receipt
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter delete: rcpt <groberts at interjuncture.com>
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter add: rcpt: quarantine at cleveland.ijnet.net
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter accept: message
>
>I'm just confused how it could even get to that code without putting in
>the log line and what I need to do to fix this.  Our engine is properly
>diagnosing when something is spam, but our mimedefang filter is sending
>it to quarantine anyway even when it's not. :)   Any thoughts?

Are you really sure about the missing log line? It could be located
somewhere else in the log file. Depending on the value of the
left over $Header{'x-purity-verdict'} from some previous message
it could be possible that you just don't recognize the log line as
belonging to this message.
Did you grep for _all_ lines containing the queue-id "o5N9R9GR005379"?
You only showed some of them.


Best regards,

Kees.

-- 
Kees Theunissen
F.O.M.-Institute for Plasma Physics Rijnhuizen, Nieuwegein, Netherlands
E-mail: theuniss at rijnh.nl,  Tel: (+31|0)306096724,  Fax: (+31|0)306031204
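
The stale-global effect discussed in this message, as an added example that is not part of the original post or of MIMEDefang: a stand-alone Perl simulation of one long-lived worker handling two messages in a row. The names parse_headers and verdict_is_spam, the defined() guard, and the sample messages are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Globals that persist between messages, as in a long-lived filter worker.
our (%Header, %Headers, @Received);

# Parse one message's HEADERS text. $reset names the hash to clear first:
# 'Headers' reproduces the mismatch from the thread, 'Header' is the corrected reset.
sub parse_headers {
    my ($text, $reset) = @_;
    if ($reset eq 'Header') { %Header = (); @Received = (); }
    else                    { %Headers = (); }   # wrong hash: %Header keeps old data
    open(my $in, '<', \$text) or die "cannot open in-memory HEADERS: $!";
    while (my $line = <$in>) {
        chomp $line;
        next unless $line =~ /^(\S+): (.*)/;
        my ($label, $data) = (lc $1, $2);
        $Header{$label} = $data;
        push @Received, $data if $label eq 'received';
    }
    close($in);
}

# The filter_end decision: quarantine only if the verdict header is present and says spam.
sub verdict_is_spam {
    my $v = $Header{'x-purity-verdict'};
    return defined($v) && $v =~ /spam/ ? 1 : 0;
}

# Constructed sample messages: the first is tagged spam, the second has no verdict header.
my @messages = (
    "From: a\@example.com\nX-Purity-Verdict: spam\nSubject: first\n",
    "From: b\@example.com\nSubject: second\n",
);

for my $mode ('Headers', 'Header') {
    %Header = (); %Headers = (); @Received = ();  # start each run as a fresh worker
    print "clearing %${mode}:\n";
    for my $i (0 .. $#messages) {
        parse_headers($messages[$i], $mode);
        printf "  message %d -> %s\n", $i + 1,
            verdict_is_spam() ? 'quarantine' : 'deliver';
    }
}
```

When the wrong hash is cleared, the second message inherits the first message's verdict; clearing %Header and @Received at the start of each message removes the carry-over.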



